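function genBestOfPlaylist($showid)
{
    // Build a "best of" list for one show from its logbook: one entry per
    // album, in the order the songs were logged, skipping logbook rows without
    // an album code / track number, albums that are not in the library, tracks
    // whose file is missing or not airable, and albums already used in this set.
    //
    // Returns a list of 9-element numeric arrays:
    //   [0] album code, [1] track number, [2] genre, [3] first character of
    //   rotation_bin, [4] artist name, [5] track name, [6] album name,
    //   [7] label, [8] file name.
    //
    // Uses the ext/mysql API (mysql_query & co.), which the rest of this code
    // already depends on; it was removed in PHP 7.0.
    $final_output = array();
    $cdcodes = array();
    //don't play the same CD twice

    // showID is compared unquoted in the query below, so it must be an integer.
    // The original discarded sanitizeInput()'s return value, leaving $showid as
    // received; the cast guarantees only digits reach the SQL text.  The call
    // is kept in case sanitizeInput() has side effects of its own.
    $showid = (int) $showid;
    sanitizeInput($showid);

    /** get all the non-optional cdcodes/tracks from the current playlist **/
    //logbookID	showID	lb_album_code	lb_rotation	lb_track_num	lb_track_name
    //lb_artist	lb_album	lb_label	time_played	played	deleted
    $qv = sprintf("SELECT lb_album_code, lb_track_num FROM `logbook` WHERE showID = %d AND lb_rotation != '0' ORDER BY logbookID ASC", $showid);
    $rt = mysql_query($qv) or die("MySQL Error near line " . __LINE__ . " in automation_generate_showplist\n" . $qv . "\n: " . mysql_error());
    while ($song = mysql_fetch_array($rt, MYSQL_ASSOC)) {
        $cdcode = $song['lb_album_code'];
        $trnum = $song['lb_track_num'];
        if ($cdcode == "" || $trnum == "") {
            continue;
        }
        // These values are read back from the logbook but are still quoted
        // into SQL text below, so escape them rather than trusting that they
        // were clean when they were logged.
        $cdcode_sql = mysql_real_escape_string($cdcode);
        $trnum_sql = mysql_real_escape_string($trnum);

        /** for this one song, pull artist, album, label info **/
        //albumID	album_name	num_discs	lbum_code	      artistID
        //labelID	mediumID	   genre	      general_genreID	rotationID
        $qw = sprintf("SELECT * FROM `libartist`, `libalbum`, `liblabel`, `def_rotations` " . "WHERE libalbum.album_code = '%s' AND " . "libalbum.artistID = libartist.artistID AND " . "libalbum.labelID = liblabel.labelID AND " . "def_rotations.rotationID = libalbum.rotationID LIMIT 1", $cdcode_sql);
        $ru = mysql_query($qw) or die("MySQL Error near line " . __LINE__ . ": " . mysql_error());
        $cd = mysql_fetch_array($ru, MYSQL_ASSOC);
        if ($cd === false) {
            // album code is not in the library; the original fell through and
            // ran the track query with an empty albumID, which found nothing
            continue;
        }
        $cdid = $cd['albumID'];

        /** get the song and file names **/
        // libtrack: track_name 	disc_num	      track_num
        //           artistID	   airabilityID	file_name	albumID
        $qx = sprintf("SELECT track_name, file_name \n\t\t\tFROM `libtrack` \n\t\t\tWHERE albumID = '%s' \n\t\t\tAND track_num = '%s'\n\t\t\tAND airabilityID <= 1 \n\t\t\tLIMIT 1", $cdid, $trnum_sql);
        $rv = mysql_query($qx) or die("MySQL Error near line " . __LINE__ . ": " . mysql_error());
        $track = mysql_fetch_array($rv, MYSQL_ASSOC);

        /** it's here, and it hasn't been played in *this* set before **/
        // strict in_array: album codes are compared as the exact strings the
        // logbook holds, so numeric-looking codes such as "01" and "1" are
        // no longer treated as the same CD
        if ($track === false || $track['file_name'] == "" || in_array($cdcode, $cdcodes, true)) {
            continue;
        }
        $cdcodes[] = $cdcode;
        $final_output[] = array(
            $cdcode,                            // 0
            $trnum,                             // 1
            $cd['genre'],                       // 2
            substr($cd['rotation_bin'], 0, 1),  // 3
            $cd['artist_name'],                 // 4
            $track['track_name'],               // 5
            $cd['album_name'],                  // 6
            $cd['label'],                       // 7
            $track['file_name'],                // 8
        );
    }
    return $final_output;
}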
*
* Dette programmet gjør det mulig å legge til nye 
* bedrifter til databasen.
************************************************/
// Load the settings and connect to the database
// ($document_root is presumably defined by settings.php — not visible here)
require_once "../settings.php";
require_once $document_root . "handler/database_handler.php";
$database_handler = new database_handler();
// Object class for companies
require_once "../object/company.php";
// Sjekker om brukeren har lagret
if (isset($_POST["company_submit"])) {
    $company_name = sanitizeInput($_POST["company_name"]);
    $company_street_address = sanitizeInput($_POST["company_street_address"]);
    $company_postal_code = sanitizeInput($_POST["company_postal_code"]);
    $company_city = sanitizeInput($_POST["company_city"]);
    // Validerer informasjonen fra brukeren
    $error_message = array();
    // Validerer navn
    if (strlen($company_name) == 0) {
        $error_message[] = "Navn er ikke riktig utfylt.";
    }
    // Validerer gateadresse
    if (strlen($company_street_address) == 0) {
        $error_message[] = "Gateadresse er ikke riktig utfylt.";
    }
    // Validerer postnummeret
    if (!$database_handler->validPostalCode($company_postal_code)) {
        $error_message[] = "Postnummer er ikke riktig utfylt.";
    }
    // Oppretter company-objekt om informasjonen er tilfredsstillende utfylt
    echo "</SELECT>";
    /* make year selector */
    echo "<SELECT NAME=" . $inName . "Year>\n";
    $startYear = date("Y", $useDate);
    for ($currentYear = $startYear - 5; $currentYear <= $startYear + 5; $currentYear++) {
        echo "<OPTION VALUE=\"{$currentYear}\"";
        if (date("Y", $useDate) == $currentYear) {
            echo " SELECTED";
        }
        echo ">{$currentYear}\n";
    }
    echo "</SELECT>";
}
//end date selector
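$id3 = new getID3();
// Called with no arguments and its result discarded; the comment below
// ("security is above...") suggests it validates the request globals in
// place — confirm against the project's definition before relying on that.
sanitizeInput();
$dirCurrent = isset($_GET['path']) ? urldecode($_GET['path']) : '';
//security is above...
$cartGet = isset($_GET['cart']) ? urldecode($_GET['cart']) : '';
$cartName = explode(".", $cartGet);
$cartPath = $dirCurrent . "/" . $cartGet;
// The Referer is supplied by the client; it is used both as the redirect
// target (as in the original) and, encoded, in the "back" link below.
$referer = isset($_SERVER['HTTP_REFERER']) ? $_SERVER['HTTP_REFERER'] : '';
if (chdir($dirCurrent) === FALSE) {
    die("Error: Could not change to " . $dirCurrent . "\n");
}
// After chdir() the resolved absolute directory is what gets checked.
$dirCurrent = getcwd();
if (strpos($dirCurrent, BASE_DIR) === FALSE) {
    // The original sent the Location header and then kept going, so the page
    // below was still produced for a directory outside BASE_DIR.  A prefix
    // test (strpos(...) !== 0) would be stricter than this "contains" test,
    // but BASE_DIR's form is not visible here, so the test is kept as is.
    header("Location: " . $referer);
    exit;
}
echo "<h1>PRELIMINARY IMPORT SYSTEM</h1>\n";
echo "<h3>Import a Cart</h3>\n";
echo "<p>This page imports <b>carts.</b> K? Or go <a href='" . htmlspecialchars($referer, ENT_QUOTES, 'UTF-8') . "'>back</a>...</p>\n";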
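function build_table($sql, $list)
{
    // Render the rows returned by $sql as the black/white-list table: one row
    // per record with "from", "to" and a delete link, alternating the two
    // background colours in the global $bg_colors.  Each row is expected as
    // [id, from, to] (numeric columns 0..2).  Prints "No entries found." when
    // the query returns nothing.  $list is passed through to the delete link.
    global $bg_colors;
    $sth = dbquery($sql);
    $rows = mysql_num_rows($sth);
    if ($rows > 0) {
        echo '<table class="blackwhitelist">' . "\n";
        echo ' <tr>' . "\n";
        echo '  <th>' . __('from07') . '</th>' . "\n";
        echo '  <th>' . __('to07') . '</th>' . "\n";
        echo '  <th>' . __('action07') . '</th>' . "\n";
        echo ' </tr>' . "\n";
        $i = 1;
        while ($row = mysql_fetch_row($sth)) {
            $i = 1 - $i;
            $bgcolor = $bg_colors[$i];
            // Database values and the list name are placed into HTML text and
            // into a query string, so encode each for its context (the
            // original echoed them raw).
            $from = htmlspecialchars((string) $row[1], ENT_QUOTES, 'UTF-8');
            $to = htmlspecialchars((string) $row[2], ENT_QUOTES, 'UTF-8');
            $deleteUrl = sanitizeInput($_SERVER['PHP_SELF']) . '?submit=Delete&amp;id=' . urlencode((string) $row[0]) . '&amp;to=' . urlencode((string) $row[2]) . '&amp;list=' . urlencode((string) $list);
            echo ' <tr>' . "\n";
            echo '  <td style="background-color: ' . $bgcolor . '; ">' . $from . '</td>' . "\n";
            echo '  <td style="background-color: ' . $bgcolor . '; ">' . $to . '</td>' . "\n";
            // The original closed this cell with "<td>" instead of "</td>".
            echo '  <td style="background-color: ' . $bgcolor . '; "><a href="' . $deleteUrl . '">' . __('delete07') . '</a></td>' . "\n";
            echo ' </tr>' . "\n";
        }
        echo '</table>' . "\n";
    } else {
        echo "No entries found.\n";
    }
}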
    include_once '../configuration/db.php';
    include_once '../function/funcs.php';
    $originalCatDesc = sanitizeInput($_POST['originalCatDesc']);
    $originalCatName = sanitizeInput($_POST['originalCatName']);
    $catDesc = sanitizeInput($_POST['catDesc']);
    $catName = sanitizeInput($_POST['catName']);
    $connection = new mysqli(HOST, USER, PSW, DB);
    $query = "UPDATE category SET name='" . $catName . "',description='" . $catDesc . "' WHERE name='" . $originalCatName . "'";
    $exec = $connection->query($query);
    if ($exec) {
        echo "Category updated!";
    } else {
        echo $connection->error;
    }
    $connection->close();
}
//function: cpanelCategory - edit category
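if (isset($_POST['delCategory'])) {
    // Delete the category whose name was posted and report the outcome.
    include_once '../configuration/db.php';
    include_once '../function/funcs.php';
    $catName = sanitizeInput(isset($_POST['catName']) ? $_POST['catName'] : '');
    $connection = new mysqli(HOST, USER, PSW, DB);
    // Bind the submitted name instead of concatenating it into the statement,
    // so quote characters in it cannot change the query.
    $stmt = $connection->prepare("DELETE FROM category WHERE name=?");
    if ($stmt === false) {
        $exec = false;
        $error = $connection->error;
    } else {
        $stmt->bind_param('s', $catName);
        $exec = $stmt->execute();
        $error = $stmt->error;
        $stmt->close();
    }
    if ($exec) {
        echo "Category deleted!";
    } else {
        echo $error;
    }
    $connection->close();
}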
 As a special exception, you have permission to link this program with the JpGraph library and
 distribute executables, as long as you follow the requirements of the GNU GPL in regard to all of the software
 in the executable aside from JpGraph.

 You should have received a copy of the GNU General Public License
 along with this program; if not, write to the Free Software
 Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
*/
//Require files
require_once './functions.php';
// Authentication verification and keep the session alive
session_start();
require './login.function.php';
// Page header; the arguments after the title are passed through as given
// (their meaning is defined in functions.php, which is not visible here).
html_start("GeoIP Database Update", 0, false, false);
if (!isset($_POST['run'])) {
    echo '<form method="POST" action="' . sanitizeInput($_SERVER['PHP_SELF']) . '">
	 <input type="hidden" name="run" value="true">
	 <table class="boxtable" width="100%">
	    <tr>
	        <td>
	            This utility is used to download the GeoIP database files (which are updated on the first Tuesday of each month) from <a href="http://dev.maxmind.com/geoip/legacy/geolite/" target="_maxmind">MaxMind</a> which is used to work out the country of origin for any given IP address and is displayed on the Message Detail page.<br><br>
	        </td>
	    </tr>
	    <tr>
	        <td align="center"><br><input type="SUBMIT" value="Run Now"><br><br></td>
	    </tr>
	 </table>
	 </form>' . "\n";
} else {
    ob_start();
    echo "Downloading file, please wait....<br>\n";
<?php

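//Use output buffer mode
ob_start();
//Start session
session_start();
//Include database config
require_once "php/config.php";
//Include components;
require_once "php/components.php";
//Include functions;
require_once "php/functions.php";
// Login handling: on a POST, validate the submitted credentials and log the
// user in; on failure the login pane is shown again ($loginPaneVisibility is
// presumably read by the markup that follows).  Missing fields are treated as
// empty strings so an incomplete POST does not raise notices.
if ($_SERVER["REQUEST_METHOD"] == "POST") {
    $userName = sanitizeInput(isset($_POST['userName']) ? $_POST['userName'] : '');
    $password = sanitizeInput(isset($_POST['password']) ? $_POST['password'] : '');
    if (validateLoginParam($userName, $password)) {
        login($userName, $password);
    } else {
        $loginPaneVisibility = "visible";
    }
}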
?>

<!DOCTYPE html>
<html lang="en">
	<head>
		<title>Vancouver Guide</title>
        <meta charset="utf-8">
        <meta name="viewport" content="width=device-width, initial-scale=1.0">
		<link href="style/homepage.css" rel="stylesheet" type="text/css">
        <link href="style/base.css" rel="stylesheet" type="text/css">
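function Process_Form()
{
    // Processes the rule-editor form and writes the updated ruleset file.
    //
    // Returns array($bytes, $status_msg): the number of bytes written (from
    // Write_File) and the HTML status messages accumulated on the way.
    //
    // Reads $_GET["file"] (the ruleset file name, reduced to its basename) and
    // the rule<N>_* fields of $_POST for N = -1 .. $_POST["rule_count"]; the
    // slot past the last rule carries the "add rule" row.  $file_contents (the
    // current file) is expected to be provided by the include below.
    include "msre_function_global_vars.php";
    $new_file = array();
    $bytes = 0;
    $status_msg = "";

    // The file is rewritten from scratch each time, so the leading comment
    // block of the existing file is carried over.  Walk the file until the
    // first non-comment line; a "#DISABLED#" line is a disabled rule, not a
    // comment, and also ends the header.  Each line is emitted one iteration
    // late, so the comment directly above the first rule is NOT copied: it is
    // that rule's description and is regenerated from the form below.
    // (Explicit parentheses: `or` binds looser than `and`, which is the
    // grouping the original relied on.)
    $previous_line = "";
    $first_line = true;
    foreach (preg_split("/\n/", $file_contents) as $line) {
        if ($line == "" or (substr($line, 0, 1) == "#" and !preg_match("/#DISABLED#/", $line))) {
            if (!$first_line) {
                $new_file[] = $previous_line . "\n";
            }
        } else {
            break;
        }
        $previous_line = $line;
        $first_line = false;
    }

    // Re-arrange the rule<N>_* POST variables into one list of rules.
    $new_ruleset = array();
    // The loop runs up to and including rule_count so the trailing "add rule"
    // row is picked up.  A "default" rule is pulled out and re-appended at the
    // very end, since default must stay at the bottom of the file.
    $default_direction = "FromOrTo:";
    $default_action = "";
    $default_desc = "";
    // rule_count is a loop bound, so force it to an integer rather than letting
    // an arbitrary string take part in the comparison.
    $rule_count = isset($_POST["rule_count"]) ? (int) $_POST["rule_count"] : 0;
    for ($i = -1; $i <= $rule_count; $i++) {
        $rule_prefix = "rule" . $i . "_";
        $description = $rule_prefix . "description";
        $direction = $rule_prefix . "direction";
        $target = $rule_prefix . "target";
        $and = $rule_prefix . "and";
        $and_direction = $rule_prefix . "and_direction";
        $and_target = $rule_prefix . "and_target";
        $action = $rule_prefix . "action";
        $rule_action = $rule_prefix . "rule_action";
        // Strip "magic quoting" from the description, target and action fields
        // so it is not written into the file; absent fields become empty
        // (an absent target means the "default" rule).
        if (isset($_POST[$description])) {
            $_POST[$description] = Fix_Quotes($_POST[$description]);
        } else {
            $_POST[$description] = "";
        }
        if (isset($_POST[$target])) {
            $_POST[$target] = Fix_Quotes($_POST[$target]);
        } else {
            $_POST[$target] = "default";
        }
        // strip out any embedded blanks from Target
        $_POST[$target] = str_replace(" ", "", $_POST[$target]);
        if (!isset($_POST[$and_direction])) {
            $_POST[$and_direction] = "";
        }
        if (isset($_POST[$and_target])) {
            $_POST[$and_target] = Fix_Quotes($_POST[$and_target]);
        } else {
            $_POST[$and_target] = "";
        }
        // strip out any embedded blanks from AndTarget
        $_POST[$and_target] = str_replace(" ", "", $_POST[$and_target]);
        if (isset($_POST[$action])) {
            $_POST[$action] = Fix_Quotes($_POST[$action]);
        } else {
            $_POST[$action] = "";
        }
        // Target and Action are both required; drop the rule otherwise.
        if ($_POST[$target] == "" or $_POST[$action] == "") {
            continue;
        }
        if (strtolower($_POST[$target]) == "default") {
            // Default 'direction' can only be "Virus:" or "FromOrTo:"
            if (isset($_POST[$direction]) && $_POST[$direction] == "Virus:") {
                $default_direction = "Virus:";
            } else {
                $default_direction = "FromOrTo:";
            }
            $default_action = $_POST[$action];
            $default_desc = $_POST[$description];
            continue;
        }
        // Per-rule action buttons: Delete, Disable, Enable.
        if (isset($_POST[$rule_action])) {
            switch ($_POST[$rule_action]) {
                case "Delete":
                    // Skip the rule entirely; it is simply not written out.
                    continue 2;
                case "Disable":
                    // A disabled rule keeps its line but is prefixed with
                    // "#DISABLED#", which ends up first on the line.
                    $_POST[$direction] = "#DISABLED#" . (isset($_POST[$direction]) ? $_POST[$direction] : "");
                    break;
                case "Enable":
                    // Enable strips that prefix again.
                    $_POST[$direction] = isset($_POST[$direction]) ? preg_replace("/^#DISABLED#/", "", $_POST[$direction]) : "";
                    break;
            }
        }
        if (!isset($_POST[$and])) {
            $_POST[$and] = "";
        }
        // if any of the "and" parts are missing, clear the whole "and" part
        if ($_POST[$and] == "" or $_POST[$and_direction] == "" or $_POST[$and_target] == "") {
            $_POST[$and] = "";
            $_POST[$and_direction] = "";
            $_POST[$and_target] = "";
        }
        // direction is required; a rule without one is dropped
        if (isset($_POST[$direction]) && $_POST[$direction]) {
            $new_ruleset[] = array("description" => $_POST[$description], "direction" => $_POST[$direction], "target" => $_POST[$target], "and" => $_POST[$and], "and_direction" => $_POST[$and_direction], "and_target" => $_POST[$and_target], "action" => $_POST[$action]);
        }
    }

    // Assemble the new file: each rule is a "#description" line followed by the
    // tab-separated rule line.
    foreach ($new_ruleset as $new_rule) {
        $new_file[] = "#" . $new_rule["description"] . "\n" . $new_rule["direction"] . "\t" . $new_rule["target"] . "\t" . $new_rule["and"] . "\t" . $new_rule["and_direction"] . "\t" . $new_rule["and_target"] . "\t" . $new_rule["action"] . "\n";
    }
    // and add on the default rule if there is one.
    if ($default_action != "") {
        $new_file[] = "#" . sanitizeInput($default_desc) . "\n";
        $new_file[] = sanitizeInput($default_direction) . "\tdefault\t\t\t" . sanitizeInput($default_action) . "\n";
    }

    // Write the new file.  basename() confines the name to MSRE_RULESET_DIR.
    $getFile = basename(sanitizeInput(isset($_GET["file"]) ? $_GET["file"] : ""));
    $filename = MSRE_RULESET_DIR . "/" . $getFile;
    list($bytes, $status_msg) = Write_File($filename, $new_file);

    // Schedule a reload of MailScanner.  An immediate reload would need the
    // apache user to run the MailScanner startup/reload script, so instead a
    // marker file is created for the msre_reload.cron job to pick up.
    $status_msg .= "<span class=\"status\">\n";
    $status_msg .= "Scheduling reload of MailScanner...";
    $fh = fopen("/tmp/msre_reload", "w");
    // The marker only needs to exist; nothing is written to it.
    if (!$fh) {
        $status_msg .= "<span class=\"error\">**ERROR** Couldn't schedule a reload of " . "MailScanner!  (You will have to manually do a " . "|/etc/init.d/MailScanner reload| )</span><br>\n";
    } else {
        // release the handle now; the original left it open until script end
        fclose($fh);
        $status_msg .= "Ok.<br>\n" . "Your changes will take effect in the next " . MSRE_RELOAD_INTERVAL . " minutes, when MailScanner reloads.<br>\n";
    }
    $status_msg .= "</span>\n";
    return array($bytes, $status_msg);
}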
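function updateArea($aData)
{
    // Update an area's name, description and template from the submitted form
    // data, then replace its supervisor list.
    //
    // $aData is the form array: 'hdArea' (area id), 'tbName', 'tbDesc',
    // 'taTempl' and 'msSupers' (supervisor ids from a multi-select).  The
    // string fields are passed through sanitizeInput(); since they are placed
    // into the SQL unquoted, it presumably quotes them as well — verify
    // against its definition.
    global $db;
    // area_id is interpolated unquoted into every statement below, so only an
    // integer may reach the SQL text (the original used the raw field).
    $iAreaID = (int) $aData['hdArea'];
    // first update the area info
    $db->query("update areas " . "set area_name=" . sanitizeInput($aData['tbName']) . ", area_desc=" . sanitizeInput($aData['tbDesc']) . ", " . "area_templ=" . sanitizeInput($aData['taTempl']) . " " . "where area_id={$iAreaID}");
    // clear the areasuper list
    $db->query("delete from areasuper where as_area_id={$iAreaID}");
    // now do the supervisor updates.  A multi-select with nothing chosen is not
    // submitted at all, so a missing or non-array value means "no supervisors".
    $aSupers = isset($aData['msSupers']) && is_array($aData['msSupers']) ? $aData['msSupers'] : array();
    foreach ($aSupers as $Super) {
        $Super = sanitizeInput($Super);
        $db->query("insert into areasuper values(null,{$iAreaID},{$Super})");
    }
}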
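//Start session
if (!isset($_SESSION)) {
    session_start();
}
//Include database configure
require_once "config.php";
//Include components
require_once "components.php";
//Include control functions
require_once "functions.php";
// Registration handling: on a POST, validate the submitted fields, create the
// account and send the browser to the login page.  Missing fields are treated
// as empty strings so an incomplete POST does not raise notices.
// Note that the password is passed through sanitizeInput() before it is
// stored; whatever that function strips or encodes must be applied the same
// way at login, or the stored credential will not match what was typed.
if ($_SERVER["REQUEST_METHOD"] == "POST") {
    $userName = sanitizeInput(isset($_POST["userName"]) ? $_POST["userName"] : "");
    $password = sanitizeInput(isset($_POST["password"]) ? $_POST["password"] : "");
    $confirmPassword = sanitizeInput(isset($_POST["confirmPassword"]) ? $_POST["confirmPassword"] : "");
    $email = sanitizeInput(isset($_POST["email"]) ? $_POST["email"] : "");
    if (validateRegisterParam($userName, $password, $confirmPassword, $email)) {
        dbAddAccount($userName, $password, $email);
        header('location:' . 'loginPage.php');
        // Without this the rest of the page (the markup below) was still sent
        // to a client that is being redirected.
        exit;
    }
}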
?>

<!DOCTYPE html>

<html>
	<head>
		<meta charset="utf-8">
		<title>Survival Guide for International Students </title>
		<link href="../style/base.css" rel="stylesheet" type="text/css">
        <link href="../style/homepage.css" rel="stylesheet" type="text/css">
 *  (at your option) any later version.
 *
 *  This program is distributed in the hope that it will be useful,
 *  but WITHOUT ANY WARRANTY; without even the implied warranty of
 *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 *  GNU General Public License for more details.
 *
 *  You should have received a copy of the GNU General Public License
 *  along with this program; if not, write to the Free Software
 *  Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA  02110-1301  USA
*/
// $Id: editNotes.php,v 1.9 2005/10/30 22:37:19 atrommer Exp $
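checkUser(isset($_SESSION['USERTYPE']) ? $_SESSION['USERTYPE'] : null, 2);
// check for postback: save the notes and return to the schedule editor.
// The fields are read with isset() so an incomplete POST raises no notices,
// and the area id is URL-encoded so it cannot carry extra query parameters
// into the redirect.  Whether redirect() ends the request is not visible
// here; if it does not, the page is still rendered after the redirect header.
if (!empty($_POST['isPostback'])) {
    $hdEvent = isset($_POST['hdEvent']) ? $_POST['hdEvent'] : '';
    $taComments = isset($_POST['taComments']) ? $_POST['taComments'] : '';
    $area = isset($_POST['area']) ? $_POST['area'] : '';
    updateNotes($hdEvent, sanitizeInput($taComments));
    redirect('editSched.php?area=' . urlencode($area));
}
if (isset($_REQUEST['event'])) {
    $oEvent = getEventDetails($_REQUEST['event']);
    // use the event's own notes; fall back to the area template when it has none
    if (strlen($oEvent->event_comments)) {
        $sNotes = $oEvent->event_comments;
    } else {
        $sNotes = getAreaTempl(isset($_REQUEST['area']) ? $_REQUEST['area'] : '');
    }
} else {
    // presumably accessDenied() ends the request; otherwise $oEvent is
    // undefined on the next line — confirm against its definition
    accessDenied("Please choose an event to edit first using Manage Schedules");
}
doHeader("Editing notes for " . $oEvent->event_name, 'taComments');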
?>
function ed_da_delta_appointments_delPay_action_callback()
{
    // AJAX handler: remove one payment (identified by the id, date and amount
    // taken from $_POST), switch the stored UI tab to the payments tab, echo
    // whatever ManipulateTables::deletePay() returns and end the request with
    // wp_die().
    // NOTE(review): no nonce or capability check is visible in this handler;
    // unless the hook registration restricts who may call the action, confirm
    // that the caller is verified before this point is reached.
    global $wpdb;

    $appointmentId = '';
    $paymentDate = '';
    $paymentAmount = '';
    if (isset($_POST['id_cd'])) {
        $appointmentId = sanitizeInput($_POST['id_cd'], "n");
    }
    if (isset($_POST['payDate'])) {
        $paymentDate = sanitizeInput($_POST['payDate'], "notes");
    }
    if (isset($_POST['payAmount'])) {
        $paymentAmount = sanitizeInput($_POST['payAmount'], "notes");
    }
    $paymentDate = convertDate($paymentDate, false);

    $models = new ManipulateTables();
    // Refer to views.php#32 about table_tabs
    $tabsTable = $wpdb->prefix . 'ed_da_delta_appointments_tabs';
    $wpdb->update($tabsTable, array('tabs' => 'paymentsTab'), array('id' => 1));

    echo $models->deletePay($appointmentId, $paymentDate, $paymentAmount);
    wp_die();
}
" method="post">
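<fieldset>
<legend><?php 
// The id is placed inside HTML text, so encode it (the original echoed it raw).
echo empty($acronym_id) ? 'Nouvel acronyme' : "Modification de l'acronyme <acronym>" . htmlspecialchars((string) $acronym_id, ENT_QUOTES, 'UTF-8') . "</acronym>";
?>
</legend>
<p><label>Acronyme : <input type="text" id="acronym" name="acronym"<?php 
// Attribute values come from the stored record; encode them for the attribute context.
if (!empty($acroinfos['acronym'])) {
    echo ' value="', htmlspecialchars((string) $acroinfos['acronym'], ENT_QUOTES, 'UTF-8'), '"';
}
?>
 /></label></p>

<p><label>Signification : <input type="text" id="content" name="content"<?php 
// Kept on sanitizeInput() as in the original; presumably it escapes for HTML —
// confirm against its definition, since the other fields use htmlspecialchars().
if (!empty($acroinfos['content'])) {
    echo ' value="', sanitizeInput($acroinfos['content']), '"';
}
?>
/></label></p>

<p><label>Langue : <input type="text" id="lang" name="lang"<?php 
if (!empty($acroinfos['lang'])) {
    echo ' value="', htmlspecialchars((string) $acroinfos['lang'], ENT_QUOTES, 'UTF-8'), '"';
}
?>
/></label></p>
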
<p><?php 
if (!empty($acronym_id)) {
    echo '<input type="hidden" name="acronym_id" id="acronym_id" value="', $acronym_id, '" />';
}
<?php

// Append the posted field1 value (plus a newline) to the data file, holding an
// exclusive lock while writing, and report how many bytes were written.
if (!isset($_POST['field1'])) {
    die('no post data to process');
}
$data = sanitizeInput($_POST['field1'] . "\n");
$ret = file_put_contents('FULL_PATH_TO/tmp/mydata.txt', $data, FILE_APPEND | LOCK_EX);
if ($ret === false) {
    die('There was an error writing this file');
}
echo "{$ret} bytes written to file";
// Sanitize the input.
// Returns false when $data is blank (empty or whitespace only); otherwise the
// value run through FILTER_SANITIZE_STRING with FILTER_FLAG_STRIP_HIGH, which
// strips tags, HTML-encodes quote characters and drops every byte above 127 —
// so non-ASCII (e.g. UTF-8) text is mangled.  FILTER_SANITIZE_STRING is
// deprecated as of PHP 8.1; this is not a substitute for context-specific
// escaping at the point of output.
function sanitizeInput($data)
{
    if (trim($data) != "") {
        return filter_var($data, FILTER_SANITIZE_STRING, FILTER_FLAG_STRIP_HIGH);
    }
    return false;
}
 * warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License for more details.
 *
 * In addition, as a special exception, the copyright holder gives permission to link the code of this program with
 * those files in the PEAR library that are licensed under the PHP License (or with modified versions of those files
 * that use the same license as those files), and distribute linked combinations including the two.
 * You must obey the GNU General Public License in all respects for all of the code used other than those files in the
 * PEAR library that are licensed under the PHP License. If you modify this program, you may extend this exception to
 * your version of the program, but you are not obligated to do so.
 * If you do not wish to do so, delete this exception statement from your version.
 *
 * As a special exception, you have permission to link this program with the JpGraph library and distribute executables,
 * as long as you follow the requirements of the GNU GPL in regard to all of the software in the executable aside from
 * JpGraph.
 *
 * You should have received a copy of the GNU General Public License along with this program; if not, write to the Free
 * Software Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
 */
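// Access control for every page: accept HTTP Basic credentials when offered,
// demand them when ?httpbasic is requested, and otherwise send a browser with
// no session to the login form, remembering where it wanted to go.
if (isset($_SERVER['PHP_AUTH_USER']) && !isset($_SESSION['myusername'])) {
    include __DIR__ . '/checklogin.php';
} elseif (!isset($_SERVER['PHP_AUTH_USER']) && !isset($_SESSION['myusername']) && isset($_GET['httpbasic'])) {
    header('WWW-Authenticate: Basic realm="MailWatch for MailScanner"');
    header('HTTP/1.0 401 Unauthorized');
    header("Location: login.php?error=baduser");
    exit;
} elseif (!isset($_SESSION['myusername'])) {
    // The saved REQUEST_URI is replayed as a Location header after login.  It
    // is the request target exactly as the client sent it, so only keep it
    // when it is a site-relative path (a single leading "/", not "//" or "/\");
    // anything else could send the browser to another host after login.
    if (isset($_SERVER['REQUEST_URI'])) {
        $requestUri = sanitizeInput($_SERVER['REQUEST_URI']);
        if (is_string($requestUri) && preg_match('#^/(?![/\\\\])#', $requestUri)) {
            $_SESSION['REQUEST_URI'] = $requestUri;
        }
    }
    header("Location: login.php");
    exit;
}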
            }
            break;
        case "U":
            $global_list = "to_address='{$myusername}'";
            foreach ($filter as $to_address) {
                $global_list .= " OR to_address='{$to_address}'";
            }
            break;
    }
    // If result matched $myusername and $mypassword, table row must be 1 row
    if ($usercount == 1) {
        // Register $myusername, $mypassword and redirect to file "login_success.php"
        $_SESSION['myusername'] = $myusername;
        $_SESSION['fullname'] = $fullname;
        $_SESSION['user_type'] = isset($usertype) ? $usertype : '';
        $_SESSION['domain'] = isset($domainname) ? $domainname : '';
        $_SESSION['global_filter'] = '(' . $global_filter . ')';
        $_SESSION['global_list'] = isset($global_list) ? $global_list : '';
        $_SESSION['global_array'] = $filter;
        $redirect_url = 'index.php';
        if (isset($_SESSION['REQUEST_URI'])) {
            $redirect_url = sanitizeInput($_SESSION['REQUEST_URI']);
            unset($_SESSION['REQUEST_URI']);
        }
        header('Location: ' . $redirect_url);
    } else {
        header('Location: login.php?error=baduser');
    }
    // close any DB connections
    dbclose();
}
            $currentPostId = sanitizeInput($_POST['postId']);
            $comment = sanitizeInput($_POST['comment']);
            if ($comment != "") {
                dbAddReply($currentPostId, $comment);
            } else {
                $hintComment = "*Comment cannot be empty.";
                $replyPostVisibility = "visible";
            }
            break;
        default:
            break;
    }
}
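// On a GET with any parameters, pick up the post being viewed.  The
// count($_GET) test is the original condition; a missing postId now yields an
// empty id instead of an undefined-index notice.
if ($_SERVER["REQUEST_METHOD"] == "GET") {
    if (count($_GET) > 0) {
        $currentPostId = sanitizeInput(isset($_GET['postId']) ? $_GET['postId'] : '');
    }
}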
?>

<!DOCTYPE html>

<html>
	<head>
		<meta charset="utf-8">
		<title>Survival Guide for International Students </title>
		<link href="../style/base.css" rel="stylesheet" type="text/css">
        <link href="../style/homepage.css" rel="stylesheet" type="text/css">
        <link href="../style/comment.css" rel="stylesheet" type="text/css">
        <script src="https://ajax.googleapis.com/ajax/libs/jquery/2.2.0/jquery.min.js"></script>
        <script src="../scripts/addheaderfooter_jquery.js"></script>
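/**
 * Run a SELECT and echo the result set as a colour-coded HTML table.
 *
 * Reads the optional orderby/orderdir/offset query-string parameters to
 * re-order and page the query, prints one row per result, folds the
 * isspam/virusinfected/... columns into a CSS class for the row plus a
 * combined 'status' cell, and optionally prepends Spam/Ham/Forget/Release
 * controls wrapped in the do_message_ops.php form.
 *
 * @param string      $sql           SELECT statement, executed through dbquery()
 * @param bool|string $table_heading Heading printed above the column names; false/'' for none.
 *                                   It is echoed as-is, so callers must pass safe markup.
 * @param bool        $pager         Page the result set with PEAR Pager, MAX_RESULTS rows per page
 * @param bool        $order         Emit A/D ordering links in the column headings
 *                                   (only honoured when $sql already has an ORDER BY)
 * @param bool        $operations    Prepend the operations column and the operations form
 */
function db_colorised_table($sql, $table_heading = false, $pager = false, $order = false, $operations = false)
{
    require_once __DIR__ . '/lib/pear/Mail/mimeDecode.php';
    // Ordering
    $orderby = null;
    $orderdir = '';
    if (isset($_GET['orderby'])) {
        $orderby = sanitizeInput($_GET['orderby']);
        // ORDER BY cannot be parameterised and the column name comes straight
        // from the query string, so only identifier characters are accepted
        // before it is spliced into $sql below; the A/D links emitted further
        // down only ever carry names returned by mysql_field_name().
        if (!is_string($orderby) || !preg_match('/^[A-Za-z0-9_]+$/', $orderby)) {
            $orderby = null;
        }
        // orderdir is optional; default to '' instead of reading a missing index
        $orderdir_param = isset($_GET['orderdir']) ? $_GET['orderdir'] : '';
        switch (strtoupper($orderdir_param)) {
            case 'A':
                $orderdir = 'ASC';
                break;
            case 'D':
                $orderdir = 'DESC';
                break;
        }
    }
    if (!empty($orderby)) {
        if (($p = stristr($sql, 'ORDER BY')) !== false) {
            // We already have an existing ORDER BY clause: put the requested
            // column first and keep the caller's ordering as the tie-breaker.
            // stripos() matches the case-insensitive stristr() test above; a
            // case-sensitive strpos() returned false for a lowercase clause
            // and truncated $sql to the new ORDER BY only.
            $p = "ORDER BY\n  " . $orderby . ' ' . $orderdir . ',' . substr($p, strlen('ORDER BY') + 2);
            $sql = substr($sql, 0, stripos($sql, 'ORDER BY')) . $p;
        } else {
            // No existing ORDER BY - disable feature
            $order = false;
        }
    }
    if ($pager) {
        require_once __DIR__ . '/lib/pear/Pager.php';
        if (isset($_GET['offset'])) {
            $from = intval($_GET['offset']);
        } else {
            $from = 0;
        }
        // Remove any ORDER BY clauses as this will slow the count considerably.
        // Start from the full statement so $sqlcount is defined when the
        // query has no ORDER BY at all.
        $sqlcount = $sql;
        if ($pos = strpos($sql, "ORDER BY")) {
            $sqlcount = substr($sql, 0, $pos);
        }
        // Count the number of rows that would be returned by the query
        $sqlcount = "SELECT COUNT(*) " . strstr($sqlcount, "FROM");
        $rows = mysql_result(dbquery($sqlcount), 0);
        // Build the pager data
        $pager_options = array('mode' => 'Sliding', 'perPage' => MAX_RESULTS, 'delta' => 2, 'totalItems' => $rows);
        // From here on $pager holds the Pager object (or whatever the
        // suppressed factory returned), not the boolean argument; the
        // footer below relies on that.
        $pager = @Pager::factory($pager_options);
        //then we fetch the relevant records for the current page
        list($from, $to) = $pager->getOffsetByPageId();
        echo '<table cellspacing="1" class="mail" >
    <tr>
   <th colspan="5">' . __('disppage03') . ' ' . $pager->getCurrentPageID() . ' ' . __('of03') . ' ' . $pager->numPages() . ' - ' . __('records03') . ' ' . $from . ' ' . __('to0203') . ' ' . $to . ' ' . __('of03') . ' ' . $pager->numItems() . '</th>
  </tr>
  <tr>
  <td align="center">' . "\n";
        //show the links
        echo $pager->links;
        echo '</td>
                </tr>
          </table>
</tr>
<tr>
 <td colspan="4">';
        // Re-run the original query and limit the rows ($from is 1-based)
        $limit = $from - 1;
        $sql .= " LIMIT {$limit}," . MAX_RESULTS;
        $sth = dbquery($sql);
        $rows = mysql_num_rows($sth);
        $fields = mysql_num_fields($sth);
        // Account for extra operations column
        if ($operations !== false) {
            $fields++;
        }
    } else {
        $sth = dbquery($sql);
        $rows = mysql_num_rows($sth);
        $fields = mysql_num_fields($sth);
        // Account for extra operations column
        if ($operations !== false) {
            $fields++;
        }
    }
    if ($rows > 0) {
        if ($operations !== false) {
            // Start form for operations
            echo '<form name="operations" action="./do_message_ops.php" method="POST">' . "\n";
        }
        echo '<table cellspacing="1" width="100%" class="mail">' . "\n";
        // Per-column display metadata, all indexed by table column position $f
        $display = array();
        $orderable = array();
        $align = array();
        $fieldname = array();
        // Work out which columns to display
        for ($f = 0; $f < $fields; $f++) {
            if ($f == 0 && $operations !== false) {
                // Set up display for operations form elements
                $display[$f] = true;
                $orderable[$f] = false;
                // Set it up not to wrap - tricky way to leach onto the align field
                $align[$f] = 'center" style="white-space:nowrap';
                $fieldname[$f] = 'Ops<br><a href="javascript:SetRadios(\'S\')">S</a>&nbsp;&nbsp;&nbsp;<a href="javascript:SetRadios(\'H\')">H</a>&nbsp;&nbsp;&nbsp;<a href="javascript:SetRadios(\'F\')">F</a>&nbsp;&nbsp;&nbsp;<a href="javascript:SetRadios(\'R\')">R</a>';
                continue;
            }
            $display[$f] = true;
            $orderable[$f] = true;
            $align[$f] = false;
            // Set up the mysql column to account for operations
            if ($operations !== false) {
                $colnum = $f - 1;
            } else {
                $colnum = $f;
            }
            // Default heading is the raw column name; the cases below rename,
            // align or hide the columns the status logic consumes.
            switch ($fieldname[$f] = mysql_field_name($sth, $colnum)) {
                case 'host':
                    $fieldname[$f] = "Host";
                    if (DISTRIBUTED_SETUP) {
                        $display[$f] = true;
                    } else {
                        $display[$f] = false;
                    }
                    break;
                case 'timestamp':
                    $fieldname[$f] = __('datetime03');
                    $align[$f] = "center";
                    break;
                case 'datetime':
                    $fieldname[$f] = __('datetime03');
                    $align[$f] = "center";
                    break;
                case 'id':
                    $fieldname[$f] = "ID";
                    $orderable[$f] = false;
                    $align[$f] = "center";
                    break;
                case 'id2':
                    $fieldname[$f] = "#";
                    $orderable[$f] = false;
                    $align[$f] = "center";
                    break;
                case 'size':
                    $fieldname[$f] = __('size03');
                    $align[$f] = "right";
                    break;
                case 'from_address':
                    $fieldname[$f] = __('from03');
                    break;
                case 'to_address':
                    $fieldname[$f] = __('to03');
                    break;
                case 'subject':
                    $fieldname[$f] = __('subject03');
                    break;
                case 'clientip':
                    if (defined('DISPLAY_IP') && DISPLAY_IP) {
                        $fieldname[$f] = "Client IP";
                    }
                    $display[$f] = true;
                    break;
                case 'archive':
                    $display[$f] = false;
                    break;
                case 'isspam':
                    $display[$f] = false;
                    break;
                case 'ishighspam':
                    $display[$f] = false;
                    break;
                case 'issaspam':
                    $display[$f] = false;
                    break;
                case 'isrblspam':
                    $display[$f] = false;
                    break;
                case 'spamwhitelisted':
                    $display[$f] = false;
                    break;
                case 'spamblacklisted':
                    $display[$f] = false;
                    break;
                case 'spamreport':
                    $display[$f] = false;
                    break;
                case 'virusinfected':
                    $display[$f] = false;
                    break;
                case 'nameinfected':
                    $display[$f] = false;
                    break;
                case 'otherinfected':
                    $display[$f] = false;
                    break;
                case 'report':
                    $display[$f] = false;
                    break;
                case 'ismcp':
                    $display[$f] = false;
                    break;
                case 'ishighmcp':
                    $display[$f] = false;
                    break;
                case 'issamcp':
                    $display[$f] = false;
                    break;
                case 'mcpwhitelisted':
                    $display[$f] = false;
                    break;
                case 'mcpblacklisted':
                    $display[$f] = false;
                    break;
                case 'mcpreport':
                    $display[$f] = false;
                    break;
                case 'hostname':
                    $fieldname[$f] = 'Host';
                    $display[$f] = true;
                    break;
                case 'date':
                    $fieldname[$f] = 'Date';
                    break;
                case 'time':
                    $fieldname[$f] = 'Time';
                    break;
                case 'headers':
                    $display[$f] = false;
                    break;
                case 'sascore':
                    if (get_conf_truefalse('UseSpamAssassin')) {
                        $fieldname[$f] = __('sascore03');
                        $align[$f] = "right";
                    } else {
                        $display[$f] = false;
                    }
                    break;
                case 'mcpsascore':
                    if (get_conf_truefalse('MCPChecks')) {
                        $fieldname[$f] = __('mcpscore03');
                        $align[$f] = "right";
                    } else {
                        $display[$f] = false;
                    }
                    break;
                case 'status':
                    $fieldname[$f] = "Status";
                    $orderable[$f] = false;
                    break;
                case 'message':
                    $fieldname[$f] = "Message";
                    break;
                case 'attempts':
                    $fieldname[$f] = "Tries";
                    $align[$f] = "right";
                    break;
                case 'lastattempt':
                    $fieldname[$f] = "Last";
                    $align[$f] = "right";
                    break;
            }
        }
        // Table heading (printed verbatim - see the docblock)
        if (isset($table_heading) && $table_heading != "") {
            // Work out how many columns are going to be displayed
            $column_headings = 0;
            for ($f = 0; $f < $fields; $f++) {
                if ($display[$f]) {
                    $column_headings++;
                }
            }
            echo ' <tr>' . "\n";
            echo '  <th colspan="' . $column_headings . '">' . $table_heading . '</th>' . "\n";
            echo ' </tr>' . "\n";
        }
        // Column headings
        echo '<tr>' . "\n";
        for ($f = 0; $f < $fields; $f++) {
            if ($display[$f]) {
                if ($order && $orderable[$f]) {
                    // Set up the mysql column to account for operations
                    if ($operations !== false) {
                        $colnum = $f - 1;
                    } else {
                        $colnum = $f;
                    }
                    // The orderby value in these links is the real column name,
                    // which is what the identifier check at the top admits.
                    echo "  <th>\n";
                    echo "  {$fieldname[$f]} (<a href=\"?orderby=" . mysql_field_name($sth, $colnum) . "&amp;orderdir=a" . subtract_multi_get_vars(array('orderby', 'orderdir')) . "\">A</a>/<a href=\"?orderby=" . mysql_field_name($sth, $colnum) . "&amp;orderdir=d" . subtract_multi_get_vars(array('orderby', 'orderdir')) . "\">D</a>)\n";
                    echo "  </th>\n";
                } else {
                    echo '  <th>' . $fieldname[$f] . '</th>' . "\n";
                }
            }
        }
        echo ' </tr>' . "\n";
        // Rows
        $jsRadioCheck = '';
        $jsReleaseCheck = '';
        for ($r = 0; $r < $rows; $r++) {
            $row = mysql_fetch_row($sth);
            if ($operations !== false) {
                // Prepend operations elements - later on, replace REPLACEME w/ message id
                array_unshift($row, '<input name="OPT-REPLACEME" type="RADIO" value="S">&nbsp;<input name="OPT-REPLACEME" type="RADIO" value="H">&nbsp;<input name="OPT-REPLACEME" type="RADIO" value="F">&nbsp;<input name="OPTRELEASE-REPLACEME" type="checkbox" value="R">');
            }
            // Work out field colourings and modify the incoming data as necessary
            // and populate an overall 'status' for the mail.
            $status_array = array();
            $infected = false;
            $highspam = false;
            $spam = false;
            $whitelisted = false;
            $blacklisted = false;
            $mcp = false;
            $highmcp = false;
            for ($f = 0; $f < $fields; $f++) {
                if ($operations !== false) {
                    if ($f == 0) {
                        // Skip the first field if it is operations
                        continue;
                    }
                    $field = mysql_field_name($sth, $f - 1);
                } else {
                    $field = mysql_field_name($sth, $f);
                }
                switch ($field) {
                    case 'id':
                        // Store the id for later use
                        $id = $row[$f];
                        // Create a link to detail.php
                        $row[$f] = '<a href="detail.php?id=' . $row[$f] . '">' . $row[$f] . '</a>' . "\n";
                        break;
                    case 'id2':
                        // Store the id for later use
                        $id = $row[$f];
                        // Create a link to detail.php as [<link>]
                        $row[$f] = "[<a href=\"detail.php?id={$row[$f]}\">#</a>]";
                        break;
                    case 'from_address':
                        $row[$f] = htmlentities($row[$f]);
                        if (FROMTO_MAXLEN > 0) {
                            $row[$f] = trim_output($row[$f], FROMTO_MAXLEN);
                        }
                        break;
                    case 'clientip':
                        $clientip = $row[$f];
                        if (defined('RESOLVE_IP_ON_DISPLAY') && RESOLVE_IP_ON_DISPLAY === true) {
                            // RFC 1918 ranges are labelled instead of looked up;
                            // every other row costs one reverse DNS query here.
                            if (net_match('10.0.0.0/8', $clientip) || net_match('172.16.0.0/12', $clientip) || net_match('192.168.0.0/16', $clientip)) {
                                $host = 'Internal Network';
                            } elseif (($host = gethostbyaddr($clientip)) == $clientip) {
                                $host = 'Unknown';
                            }
                            $row[$f] .= " ({$host})";
                        }
                        break;
                    case 'to_address':
                        $row[$f] = htmlentities($row[$f]);
                        if (FROMTO_MAXLEN > 0) {
                            // Trim each address to specified size
                            $to_temp = explode(",", $row[$f]);
                            $num_to_temp = count($to_temp);
                            for ($t = 0; $t < $num_to_temp; $t++) {
                                $to_temp[$t] = trim_output($to_temp[$t], FROMTO_MAXLEN);
                            }
                            // Return the data
                            $row[$f] = implode(",", $to_temp);
                        }
                        // Put each address on a new line
                        $row[$f] = str_replace(",", "<br>", $row[$f]);
                        break;
                    case 'subject':
                        // Decode the MIME header first, then escape the result for HTML
                        $row[$f] = htmlspecialchars(getUTF8String(decode_header($row[$f])));
                        if (SUBJECT_MAXLEN > 0) {
                            $row[$f] = trim_output($row[$f], SUBJECT_MAXLEN);
                        }
                        break;
                    case 'isspam':
                        if ($row[$f] == 'Y' || $row[$f] > 0) {
                            $spam = true;
                            array_push($status_array, 'Spam');
                        }
                        break;
                    case 'ishighspam':
                        if ($row[$f] == 'Y' || $row[$f] > 0) {
                            $highspam = true;
                        }
                        break;
                    case 'ismcp':
                        if ($row[$f] == 'Y' || $row[$f] > 0) {
                            $mcp = true;
                            array_push($status_array, 'MCP');
                        }
                        break;
                    case 'ishighmcp':
                        if ($row[$f] == 'Y' || $row[$f] > 0) {
                            $highmcp = true;
                        }
                        break;
                    case 'virusinfected':
                        if ($row[$f] == 'Y' || $row[$f] > 0) {
                            $infected = true;
                            array_push($status_array, 'Virus');
                        }
                        break;
                    case 'report':
                        // IMPORTANT NOTE: for this to work correctly the 'report' field MUST
                        // appear after the 'virusinfected' field within the SQL statement.
                        // NOTE(review): the pattern below is the literal text "VIRUS_REGEX"
                        // inside a double-quoted string, not a constant; if a VIRUS_REGEX
                        // constant is intended, confirm and use it directly.
                        if (preg_match("/VIRUS_REGEX/", $row[$f], $virus)) {
                            foreach ($status_array as $k => $v) {
                                if ($v = preg_replace('/Virus/', "Virus (" . return_virus_link($virus[2]) . ")", $v)) {
                                    $status_array[$k] = $v;
                                }
                            }
                        }
                        break;
                    case 'nameinfected':
                        if ($row[$f] == 'Y' || $row[$f] > 0) {
                            $infected = true;
                            array_push($status_array, 'Bad Content');
                        }
                        break;
                    case 'otherinfected':
                        if ($row[$f] == 'Y' || $row[$f] > 0) {
                            $infected = true;
                            array_push($status_array, 'Other');
                        }
                        break;
                    case 'size':
                        $row[$f] = format_mail_size($row[$f]);
                        break;
                    case 'spamwhitelisted':
                        if ($row[$f] == 'Y' || $row[$f] > 0) {
                            $whitelisted = true;
                            array_push($status_array, 'W/L');
                        }
                        break;
                    case 'spamblacklisted':
                        if ($row[$f] == 'Y' || $row[$f] > 0) {
                            $blacklisted = true;
                            array_push($status_array, 'B/L');
                        }
                        break;
                    case 'clienthost':
                        $hostname = gethostbyaddr($row[$f]);
                        if ($hostname == $row[$f]) {
                            $row[$f] = "(Hostname lookup failed)";
                        } else {
                            $row[$f] = $hostname;
                        }
                        break;
                    case 'status':
                        // NOTE: this should always be the last row for it to be displayed correctly
                        // Work out status
                        if (count($status_array) == 0) {
                            $status = "Clean";
                        } else {
                            $status = join("<br>", $status_array);
                        }
                        $row[$f] = $status;
                        break;
                }
            }
            // Now add the id to the operations form elements.
            // $id is set by the 'id'/'id2' cases above; queries that expose
            // neither column leave it undefined here.
            if ($operations !== false) {
                $row[0] = str_replace("REPLACEME", $id, $row[0]);
                $jsRadioCheck .= "  document.operations.elements[\"OPT-{$id}\"][val].checked = true;\n";
                $jsReleaseCheck .= "  document.operations.elements[\"OPTRELEASE-{$id}\"].checked = true;\n";
            }
            // Colorise the row - first matching flag wins, in this priority order
            switch (true) {
                case $infected:
                    echo '<tr class="infected">' . "\n";
                    break;
                case $whitelisted:
                    echo '<tr class="whitelisted">' . "\n";
                    break;
                case $blacklisted:
                    echo '<tr class="blacklisted">' . "\n";
                    break;
                case $highspam:
                    echo '<tr class="highspam">' . "\n";
                    break;
                case $spam:
                    echo '<tr class="spam">' . "\n";
                    break;
                case $highmcp:
                    echo '<tr class="highmcp">' . "\n";
                    break;
                case $mcp:
                    echo '<tr class="mcp">' . "\n";
                    break;
                default:
                    // NOTE(review): $fieldname is indexed by column position, so
                    // this string key is never set and the plain <tr> branch is
                    // the one that actually runs.
                    if (isset($fieldname['mcpsascore']) && $fieldname['mcpsascore'] != '') {
                        echo '<tr class="mcp">' . "\n";
                    } else {
                        echo '<tr >' . "\n";
                    }
                    break;
            }
            // Display the rows
            for ($f = 0; $f < $fields; $f++) {
                if ($display[$f]) {
                    if ($align[$f]) {
                        echo ' <td align="' . $align[$f] . '">' . $row[$f] . '</td>' . "\n";
                    } else {
                        echo ' <td >' . $row[$f] . '</td>' . "\n";
                    }
                }
            }
            echo ' </tr>' . "\n";
        }
        echo '</table>' . "\n";
        // Javascript function to clear radio buttons
        if ($operations !== false) {
            echo "\n<script type='text/javascript'>\n    function ClearRadios() {\n        var e=document.operations.elements\n        for(i=0; i<e.length; i++) {\n            if (e[i].type=='radio' || e[i].type=='checkbox') {\n                e[i].checked=false;\n            }\n        }\n    }\n\n    function SetRadios(p) {\n        var val;\n        var values = {\n            'S'  : 0,\n            'H'  : 1,\n            'F'  : 2,\n            'R'  : 3\n        };\n        switch (p) {\n            case 'S':\n            case 'H':\n            case 'F':\n                val = values[p];\n                {$jsRadioCheck}\n                break;\n            case 'R':\n                {$jsReleaseCheck}\n                break;\n            case 'C':\n                ClearRadios();\n                break;\n            default:\n                return;\n        }\n    }\n</script>\n   <p>&nbsp; <a href=\"javascript:SetRadios('S')\">S</a>\n   &nbsp; <a href=\"javascript:SetRadios('H')\">H</a>\n   &nbsp; <a href=\"javascript:SetRadios('F')\">F</a>\n   &nbsp; <a href=\"javascript:SetRadios('R')\">R</a>\n   &nbsp; or <a href=\"javascript:SetRadios('C')\">Clear</a> all</p>\n   <p><input type='SUBMIT' name='SUBMIT' value='Learn'></p>\n   </form>\n   <p><b>S</b> = Spam &nbsp; <b>H</b> = Ham &nbsp; <b>F</b> = Forget &nbsp; <b>R</b> = Release" . "\n";
        }
        echo '<br>' . "\n";
        if ($pager) {
            // $pager, $from and $to still hold the values computed for the
            // header above, so the footer repeats that rendering instead of
            // re-running the COUNT query against $sql (which now carries the
            // LIMIT clause).
            echo '<table cellspacing="1" class="mail" >
    <tr>
   <th colspan="5">' . __('disppage03') . ' ' . $pager->getCurrentPageID() . ' ' . __('of03') . ' ' . $pager->numPages() . ' - ' . __('records03') . ' ' . $from . ' ' . __('to0203') . ' ' . $to . ' ' . __('of03') . ' ' . $pager->numItems() . '</th>
  </tr>
  <tr>
  <td align="center">' . "\n";
            //show the links
            echo $pager->links;
            echo '</td>
                </tr>
          </table>
</tr>
<tr>
 <td colspan="4">';
        }
    }
}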
                //To look and see if any of the folders in the quarantine folder are strings and not numbers.
                if (is_numeric($f)) {
                    // Display the Quarantine folders and create links for them.
                    echo '<tr><td align="center"><a href="quarantine.php?dir=' . $f . '">' . translateQuarantineDate($f, DATE_FORMAT) . '</a></td></tr>' . "\n";
                    // Skip any folders that are not dates and
                } else {
                    continue;
                }
            }
            echo '</table>' . "\n";
        } else {
            die("No quarantine directories found\n");
        }
    }
} else {
    $dir = sanitizeInput($_GET['dir']);
    if (QUARANTINE_USE_FLAG) {
        dbconn();
        $date = mysql_real_escape_string(translateQuarantineDate($dir, 'sql'));
        $sql = "\nSELECT\n id AS id2,\n DATE_FORMAT(timestamp, '" . DATE_FORMAT . " " . TIME_FORMAT . "') AS datetime,\n from_address,";
        if (defined('DISPLAY_IP') && DISPLAY_IP) {
            $sql .= "clientip,";
        }
        $sql .= "\n to_address,\n subject,\n size,\n sascore,\n isspam,\n ishighspam,\n spamwhitelisted,\n spamblacklisted,\n virusinfected,\n nameinfected,\n otherinfected,\n report,\n ismcp,\n ishighmcp,\n issamcp,\n mcpwhitelisted,\n mcpblacklisted,\n mcpsascore,\n '' as status\nFROM\n maillog\nWHERE\n " . $_SESSION['global_filter'] . "\nAND\n date = '{$date}'\nAND\n quarantined = 1";
        // Hide high spam/mcp from regular users if enabled
        if (defined('HIDE_HIGH_SPAM') && HIDE_HIGH_SPAM === true && $_SESSION['user_type'] == 'U') {
            $sql .= "\n    AND\n     ishighspam=0\n    AND\n     COALESCE(ishighmcp,0)=0";
        }
        $sql .= "\nORDER BY\n date DESC, time DESC";
        db_colorised_table($sql, __('folder08') . ': ' . translateQuarantineDate($dir, DATE_FORMAT), true, true);
    } else {
echo "</table>\n";
flush();
$quarantinedir = get_conf_var('QuarantineDir');
$quarantined = quarantine_list_items($url_id, RPC_ONLY);
if (is_array($quarantined) && count($quarantined) > 0) {
    echo "<br>\n";
    if (isset($_GET['submit']) && $_GET['submit'] == __('submit04')) {
        debug("submit branch taken");
        // Reset error status
        $error = 0;
        $status = array();
        // Release
        if (isset($_GET['release'])) {
            // Send to the original recipient(s) or to an alternate address
            if (isset($_GET['alt_recpt_yn']) && $_GET['alt_recpt_yn'] == "y") {
                $to = sanitizeInput($_GET['alt_recpt']);
                $to = htmlentities($to);
            } else {
                $to = $quarantined[0]['to'];
            }
            $status[] = quarantine_release($quarantined, $_GET['release'], $to, RPC_ONLY);
        }
        // sa-learn
        if (isset($_GET['learn'])) {
            $status[] = quarantine_learn($quarantined, $_GET['learn'], $_GET['learn_type'], RPC_ONLY);
        }
        // Delete
        if (isset($_GET['delete'])) {
            $status[] = quarantine_delete($quarantined, $_GET['delete'], RPC_ONLY);
        }
        echo '<table border="0" cellpadding="1" cellspacing="1" width="100%" class="maildetail">' . "\n";
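/**
 * Record a table name/type pair in `tablelist`.
 *
 * @param string $name value stored in tabName
 * @param string $type value stored in tabType
 * @return bool true when the INSERT succeeded, false on connection,
 *              prepare or execute failure
 */
function seedTableList($name, $type)
{
    include_once '../configuration/db.php';
    include_once 'db.php';
    // The former foreach over func_get_args() assigned to a loop copy and so
    // never touched $name/$type; sanitize the two parameters directly.
    $name = sanitizeInput($name);
    $type = sanitizeInput($type);
    $connection = new mysqli(HOST, USER, PSW, DB);
    if ($connection->connect_error) {
        return false;
    }
    // Bind the values instead of concatenating them into the SQL text.
    $response = false;
    $stmt = $connection->prepare('INSERT INTO tablelist (tabName,tabType) VALUES (?,?)');
    if ($stmt !== false) {
        $stmt->bind_param('ss', $name, $type);
        $response = $stmt->execute();
        $stmt->close();
    }
    $connection->close();
    return $response;
}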
html_start(__('msgviewer06'), 0, false, false);
?>
    <SCRIPT type="application/javascript">
        <!--
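        /**
         * Open the quarantine action popup for one message.
         *
         * @param {string|number} id     quarantine message id
         * @param {string}        action action name passed to quarantine_action.php
         */
        function do_action(id, action) {
            // Encode both values so an '&' or '=' in either cannot split the
            // query string into extra parameters. Assigned on window, as the
            // original implicit globals were, in case other inline scripts
            // read them.
            window.ActionString = "quarantine_action.php?id=" + encodeURIComponent(id) + "&action=" + encodeURIComponent(action) + "&html=true";
            window.DoActionWindow = window.open(window.ActionString, '', 'toolbar=no, directories=no, location=no, status=no, menubar=no, resizable=no, scrollbars=no, width=900, height=150');
        }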
        -->
    </SCRIPT>
<?php 
dbconn();
if (!isset($_GET['id'])) {
    die("No input Message ID");
} else {
    $message_id = sanitizeInput($_GET['id']);
    $sql = "SELECT * FROM maillog WHERE id='" . mysql_real_escape_string($message_id) . "' AND " . $_SESSION["global_filter"];
    $message = @mysql_fetch_object(dbquery($sql));
    // See if message is local
    if (empty($message)) {
        die("Message '" . $message_id . "' not found\n");
    } else {
        audit_log('Quarantined message (' . $message_id . ') body viewed');
    }
    $using_rpc = false;
    if (!is_local($message->hostname) || RPC_ONLY) {
        // Host is remote - use XML-RPC
        $using_rpc = true;
        //$client = new xmlrpc_client(constant('RPC_RELATIVE_PATH').'/rpcserver.php',$row->hostname,80);
        $input = new xmlrpcval($message_id);
        $parameters = array($input);
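 /**
  * List the extra-hours types a person has not yet recorded for a year.
  *
  * Requires ORGANIZER clearance. Types named 'Projekt' or 'Övrigt' are
  * always included (see the NOT EXISTS predicate).
  *
  * @param int|string $personId person id; must be an integer value
  * @param int|string $year     year; must be an integer value
  * @return array|false rows from `type` keyed by type id, or false when the
  *                     caller lacks clearance, an argument is not an integer,
  *                     or the query fails (logged via ErrorLog)
  */
 public function getAvailableTypes($personId, $year)
 {
     if (!checkClearanceLevel(ORGANIZER)) {
         return false;
     }
     // Sanitize input data
     $personId = sanitizeInput($personId);
     $year = sanitizeInput($year);
     // Both values are interpolated unquoted into numeric comparisons, so
     // only integers can ever form a valid query; rejecting anything else
     // here closes the injection path that relied on sanitizeInput() alone.
     $personId = filter_var($personId, FILTER_VALIDATE_INT);
     $year = filter_var($year, FILTER_VALIDATE_INT);
     if ($personId === false || $year === false) {
         return false;
     }
     $query = "SELECT * FROM type AS t WHERE NOT EXISTS (SELECT * FROM hours_extra AS he WHERE he.id_type_name=t.id && he.year={$year} && he.id_person={$personId} && NOT (t.name='Projekt' || t.name='Övrigt'))";
     $result = mysql_query($query, $this->dbConn);
     if (!$result) {
         ErrorLog(mysql_error($this->dbConn));
         return false;
     }
     $availableTypes = array();
     while ($row = mysql_fetch_assoc($result)) {
         $availableTypes[$row['id']] = $row;
     }
     return $availableTypes;
 }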
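/**
 * Print the "enter your email address" form for creating a new account.
 *
 * Renders the page header via luser_loginstart(), a single-field POST form
 * back to this script with reqtype=newsubmit, and the page footer.
 */
function luser_newform()
{
    $refresh = luser_loginstart("Enter email address");
    // PHP_SELF reflects the path the client requested, so escape it for the
    // attribute context regardless of what sanitizeInput() did; double_encode
    // is off so entities it may already have produced are left alone.
    $self = htmlspecialchars(sanitizeInput($_SERVER['PHP_SELF']), ENT_QUOTES, 'UTF-8', false);
    // Display table headings
    echo "<div align=\"center\">\n";
    printf('<FORM name="newform" method="post" action="%s">%s', $self, "\n");
    printf('<INPUT type="hidden" name="reqtype" value="newsubmit">%s', "\n");
    echo "<TABLE width=\"400\" CLASS=\"mail\" BORDER=0 WIDTH=100% CELLSPACING=2 CELLPADDING=2>\n";
    echo " <THEAD>\n";
    echo "  <TH COLSPAN=2>Please enter your email address.<br>A new password will be emailed to you.</TH>\n";
    echo " </THEAD>\n";
    echo " <TR>\n";
    echo "  <TD ALIGN=\"LEFT\">Email Address:</TD>\n";
    echo "  <TD><input name=\"luser\" size=\"30\" maxlength=\"1024\"></TD>\n";
    echo " </TR>\n";
    echo " <TR>\n";
    printf('  <TD colspan="2" align="center"><INPUT type="submit" name="submit" value="Create Account"></TD>%s', "\n");
    echo " </TR>\n";
    echo "</TABLE>\n</FORM>";
    echo "</div>\n";
    html_end();
}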
    echo "  <TD ALIGN=\"RIGHT\">" . $row->sascore . "</TD>\n";
    echo "  <TD>" . $status . "</TD>\n";
    echo " </TR>\n";
}
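echo " <TR><TD COLSPAN=8>\n";
echo "  <TABLE WIDTH=100% BORDER=0><TR>\n";
// PHP_SELF reflects the path the client requested; escape it once for the
// HREF attribute context (double_encode off keeps anything sanitizeInput()
// already encoded intact) instead of echoing it three times unescaped.
$self = htmlspecialchars(sanitizeInput($_SERVER['PHP_SELF']), ENT_QUOTES, 'UTF-8', false);
// Previous page link
// tgf - Don't show a Prev link on the first page.
if ($data['current'] != '1') {
    printf('<TD ALIGN="CENTER"><A HREF="%s?offset=%d">&lt;&lt;Prev</A></TD><TD ALIGN="CENTER">', $self, $data['prev']);
} else {
    printf('<TD ALIGN="CENTER">&nbsp;</TD><TD ALIGN="CENTER">');
}
// Links to each page ($data['pages'] maps page number => first row offset)
foreach ($data['pages'] as $page => $start) {
    if ($data['current'] != $page) {
        printf('<A HREF="%s?offset=%d">%s</A> ', $self, $start, $page);
    } else {
        printf('%s ', $page);
    }
}
// Next page link
// tgf - Don't show a Next link on the last page.
if ($data['current'] != $data['numpages']) {
    printf('</TD><TD ALIGN="CENTER"><A HREF="%s?offset=%d">Next&gt;&gt;</A></TD>', $self, $data['next']);
} else {
    printf('</TD><TD ALIGN="CENTER">&nbsp;</TD>');
}
echo " </TR></TABLE>\n";
echo "</TD></TR></TABLE>\n";
html_end();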
function luser_sendpass($user, $pass)
{
    // Trever, 20031003
    // Mail a freshly generated password to a user.
    //
    // $user is both the recipient address and the login name shown in the
    // mail. It is not sanity-checked here: this function is not meant to be
    // reached directly from user input, so the caller does that.
    //
    // The password is placed in cleartext in the mail body and handed to
    // mail(); whatever transport mail() is configured with carries it.
    //
    // Returns true when mail() accepted the message, false (after printing
    // an error line) when it did not.
    $sender = LUSER_PASSCHANGEFROM;

    // Pulled in here although nothing in this function refers to it
    // directly; presumably PEAR's Mail.php — confirm whether it is needed.
    include 'Mail.php';

    // The login link is a fixed host plus the current script path; the path
    // is run through sanitizeInput() before it is embedded.
    $body = sprintf(
        "Your new password for MailWatch is:\n\n"
        . "\tUsername: %s\n\tPassword: %s\n\n"
        . "You may use this information to log into the system here:\n"
        . "http://relay.public.herff-jones.com/%s"
        . "\n\nPlease save this message securely for future reference.\n",
        $user,
        $pass,
        sanitizeInput($_SERVER['PHP_SELF'])
    );
    $headers = "From: MailWatch Password Update Service <{$sender}>\r\nReply-To: {$sender}";

    $accepted = mail($user, "Updated password for spam filter log", $body, $headers);
    if ($accepted) {
        return true;
    }
    // mail() refused the message; tell the visitor and report failure.
    echo "Error: Unable to send password email - please contact the admin.\n";
    return false;
}
        case "save":
            if (isset($_GET['save_as'])) {
                $name = sanitizeInput($_GET['save_as']);
            }
            if (isset($_GET['filter']) && $_GET['filter'] != "_none_") {
                $name = sanitizeInput($_GET['filter']);
            }
            if (!empty($name)) {
                $filter->Save($name);
            }
            break;
        case "load":
            $filter->Load(sanitizeInput($_GET['filter']));
            break;
        case "delete":
            $filter->Delete(sanitizeInput($_GET['filter']));
            break;
    }
}
// Keep the filter object in the session so later requests reuse it, then
// register the report pages it can be applied to. $filter is an object
// handle, so the AddReport() calls below are visible through the session
// entry as well.
$_SESSION["filter"] = $filter;

$reportPages = array(
    "rep_message_listing.php" => "Message Listing",
    "rep_message_ops.php" => "Message Operations",
    "rep_total_mail_by_date.php" => "Total Messages by Date",
    "rep_top_mail_relays.php" => "Top Mail Relays",
    "rep_top_viruses.php" => "Top Viruses",
    "rep_viruses.php" => "Virus Report",
    "rep_top_senders_by_quantity.php" => "Top Senders by Quantity",
    "rep_top_senders_by_volume.php" => "Top Senders by Volume",
    "rep_top_recipients_by_quantity.php" => "Top Recipients by Quantity",
    "rep_top_recipients_by_volume.php" => "Top Recipients by Volume",
);
// Registration order matters to whatever renders the report menu, so the
// list above keeps the original order.
foreach ($reportPages as $reportScript => $reportTitle) {
    $filter->AddReport($reportScript, $reportTitle);
}
     break;
 case 'delete':
     if (isset($_GET['id'])) {
         $id = sanitizeInput($_GET['id']);
         $sql = "DELETE FROM users WHERE username='******'";
         dbquery($sql);
         audit_log("User '" . $_GET['id'] . "' deleted");
     }
     break;
 case 'filters':
     $id = sanitizeInput($_GET['id']);
     if (isset($_GET['filter'])) {
         $getFilter = sanitizeInput($_GET['filter']);
     }
     if (isset($_GET['new'])) {
         $getActive = sanitizeInput($_GET['active']);
         $sql = "INSERT INTO user_filters (username, filter, active) VALUES ('" . mysql_real_escape_string($id) . "','" . mysql_real_escape_string($getFilter) . "','" . mysql_real_escape_string($getActive) . "')";
         dbquery($sql);
         if (DEBUG == 'true') {
             echo $sql;
         }
     }
     if (isset($_GET['delete'])) {
         $sql = "DELETE FROM user_filters WHERE username='******' AND filter='" . mysql_real_escape_string($getFilter) . "'";
         dbquery($sql);
         if (DEBUG == 'true') {
             echo $sql;
         }
     }
     if (isset($_GET['change_state'])) {
         $sql = "SELECT active FROM user_filters WHERE username='******' AND filter='" . mysql_real_escape_string($getFilter) . "'";
            die("Error: file not found\n");
        }
        $file = file_get_contents($quarantine_dir . '/' . $filename);
    }
}
// Decoder options: decode bodies and headers of the raw message text that
// was read into $file above (outside this span). Keys are added in the
// original order so the option array looks the same to decode().
$decodeOptions = array(
    'include_bodies' => true,
    'decode_bodies' => true,
    'decode_headers' => true,
    'input' => $file,
);
foreach ($decodeOptions as $optName => $optValue) {
    $params[$optName] = $optValue;
}

$Mail_mimeDecode = new Mail_mimeDecode($file);
$structure = $Mail_mimeDecode->decode($params);
$mime_struct = $Mail_mimeDecode->getMimeNumbers($structure);

// A requested MIME part must exist in the decoded structure; otherwise the
// part number is echoed back (through sanitizeInput()) and the script stops.
// NOTE(review): $_GET['part'] is used directly as an array key; a
// non-scalar value (part[]=...) is not rejected before the isset() — confirm
// how isset() and sanitizeInput() behave on an array here.
$requestedPart = isset($_GET['part']) ? $_GET['part'] : null;
if ($requestedPart !== null && !isset($mime_struct[$requestedPart])) {
    die("Part " . sanitizeInput($requestedPart) . " not found\n");
}
function decode_structure($structure)
{
    $type = $structure->ctype_primary . "/" . $structure->ctype_secondary;
    switch ($type) {
        case "text/plain":
            /*
            if (isset ($structure->ctype_parameters['charset']) &&
                strtolower($structure->ctype_parameters['charset']) == 'utf-8'
            ) {
                $structure->body = utf8_decode($structure->body);
            }
            */
            echo '<!DOCTYPE html>
         echo " <tr>\n";
         echo '  <td class="heading" width="150" align="right" valign="top">Error Messages:</td>' . "\n";
         echo '  <td class="detail">' . "\n";
         foreach ($errors as $key => $val) {
             echo "  {$val}<br>\n";
         }
         echo "  </td>\n";
         echo " <tr>\n";
     }
     echo " <tr>\n";
     echo '  <td class="heading" width="150" align="right" valign="top">Error:</td>' . "\n";
     echo '  <td class="detail">' . ($error ? $yes : $no) . '</td>' . "\n";
     echo ' </tr>' . "\n";
     echo '</table>' . "\n";
 } else {
     echo '<form action="' . sanitizeInput($_SERVER['PHP_SELF']) . '" name="quarantine">' . "\n";
     echo '<table cellspacing="1" width="100%" class="mail">' . "\n";
     echo ' <tr>' . "\n";
     echo '  <th colspan="7">' . __('quarantine04') . '</th>' . "\n";
     echo ' </tr>' . "\n";
     echo ' <tr>' . "\n";
     echo '  <th>' . __('release04') . '</th>' . "\n";
     echo '  <th>' . __('delete04') . '</th>' . "\n";
     echo '  <th>' . __('salearn04') . '</th>' . "\n";
     echo '  <th>' . __('file04') . '</th>' . "\n";
     echo '  <th>' . __('type04') . '</th>' . "\n";
     echo '  <th>' . __('path04') . '</th>' . "\n";
     echo '  <th>' . __('dang04') . '?</th>' . "\n";
     echo ' </tr>' . "\n";
     $is_dangerous = 0;
     foreach ($quarantined as $item) {